CWE-307
Improper Restriction of Excessive Authentication Attempts
Parent: CWE-1390 - Weak Authentication
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
586 vulnerabilities with CWE-307
CVE-2025-2417
HIGH
Akinsoft e-Mutabakat <2.02.06 - Auth Bypass
CVSS 8.6
CVE-2025-2411
HIGH
Akinsoft TaskPano <1.06.06 - Auth Bypass
CVSS 8.6
CVE-2025-2416
HIGH
Akinsoft LimonDesk <1.02.17 - Auth Bypass
CVSS 8.6
CVE-2025-2415
HIGH
Akinsoft MyRezzta <2.05.01 - Auth Bypass
CVSS 8.6
CVE-2025-1740
CRITICAL
Akinsoft MyRezzta <2.05.01 - Auth Bypass
CVSS 9.8
CVE-2025-2413
HIGH
Akinsoft ProKuafor <1.02.08 - Auth Bypass
CVSS 8.6
CVE-2025-2414
HIGH
Akinsoft OctoCloud <1.11.01 - Auth Bypass
CVSS 8.6
CVE-2025-2412
HIGH
Akinsoft QR Menu <1.05.12 - Auth Bypass
CVSS 8.6
CVE-2025-9004
LOW
mtons mblog < 3.5.0 - Improper Restriction of Excessive Authentication Attempts in Password Settings
CVSS 3.7
CVE-2025-8927
LOW
mtons mblog < 3.5.0 - Improper Restriction of Excessive Authentication Attempts via Email Parameter
CVSS 3.7
CVE-2025-52392
MEDIUM
Soosyze CMS 2.0 - Brute-Force Login via Unrestricted Authentication Attempts
CVSS 5.4
CVE-2025-55003
MEDIUM
OpenBao < 2.3.2 - Login MFA Bypass via TOTP Whitespace Normalization
CVSS 5.7
CVE-2025-54998
MEDIUM
OpenBao 0.1.0-2.3.1 - User Lockout Bypass via User Entity Alias Attribution
CVSS 5.3
CVE-2025-8742
LOW
macrozheng mall 1.0.3 - Auth Bypass
CVSS 3.7
CVE-2025-46414
HIGH
EG4 Electronics Products - Unauthenticated Brute-Force Attack via PIN Input
CVSS 8.1
CVE-2025-53544
HIGH
Trilium Notes <0.97.0 - Auth Bypass
CVSS 7.5
CVE-2025-6015
MEDIUM
HashiCorp Vault 1.10.0-1.16.22, 1.17.0-1.19.6, 1.20.0 - Authentication Bypass via MFA Bypass
CVSS 5.7
CVE-2025-6004
MEDIUM
HashiCorp Vault 1.13.0-1.16.22, 1.17.0-1.19.6, 1.20.0 - User Lockout Bypass via Userpass and LDAP Authentication
CVSS 5.3
CVE-2025-54833
MEDIUM
OPEXUS FOIAXpress PAL <11.1.0 - Auth Bypass
CVSS 5.3
CVE-2025-28172
MEDIUM
Grandstream UCM6510 Firmware < 1.0.20.52 - Improper Restriction of Excessive Authentication Attempts
CVSS 6.5
CVE-2025-7393
CRITICAL
Drupal Mail Login 3.0.0-3.1.x and 4.0.0-4.1.x - Brute Force via Excessive Authentication Attempts
CVSS 9.8
CVE-2025-7882
LOW
Mercusys MW301R 1.0.2 Build 190726 Rel.59423n - Auth Bypass
CVSS 3.1
CVE-2025-27456
HIGH
Endress MEAC300-FNADE4 Firmware - Improper Restriction of Excessive Authentication Attempts in SMB Server
CVSS 7.5
CVE-2025-27449
HIGH
MEAC300-FNADE4 Firmware < 0.16.0 - Brute-Force Attack via Excessive Authentication Attempts
CVSS 7.5
CVE-2025-1710
HIGH
endress meac300-fnade4_firmware < 0.16.0 - Brute-Force Attack via Excessive Authentication Attempts
CVSS 7.5